MB detected this 3 days ago. I ran the scan yesterday and the day before and it was not there. Updated MB today, ran the scan and there it was again.

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/11/2009 9:03:51 AM
mbam-log-2009-06-11 (09-03-51).txt

Scan type: Quick Scan
Objects scanned: 115761
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation (Backdoor.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:31 AM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

HJT Log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Symantec AntiVirus\SNAC.EXE
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\altiris\aclient\aclient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\altiris\aclient\AClntUsr.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\RightFax\Client\English\FaxCtrl.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SAP\FrontEnd\sapgui\saplogon.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FileBound\Viewer\FBViewerLauncher.exe
C:\Program Files\Symantec AntiVirus\SymCorpUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.compass-usa.com
O15 - Trusted Zone: http://*.compassperformance.com
O15 - Trusted Zone: http://*.ondemand.halogensoftware.com
O15 - Trusted Zone: *.redcross.org
O15 - Trusted Zone: *.compass-sales.com (HKLM)
O15 - Trusted Zone: http://*.compass-usa.com (HKLM)
O15 - Trusted Zone: *.compassperformance.com (HKLM)
O15 - Trusted Zone: http://*.compassperformance.com (HKLM)
O15 - Trusted Zone: fin.crothall.com (HKLM)
O15 - Trusted Zone: http://fin.crothall.com (HKLM)
O15 - Trusted Zone: teamchimes.crothall.com (HKLM)
O15 - Trusted Zone: http://teamchimes.crothall.com (HKLM)
O15 - Trusted Zone: teamops.crothall.com (HKLM)
O15 - Trusted Zone: http://teamops.crothall.com (HKLM)
O15 - Trusted Zone: http://crothall.fileburst.com (HKLM)
O15 - Trusted Zone: *.halogensoftware.com (HKLM)
O15 - Trusted IP range: 192.168.101.20 (HKLM)
O15 - ESC Trusted Zone: http://www.wise.com
O15 - ESC Trusted Zone: http://www.wise.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199306547204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA.compassgroup.corp
O17 - HKLM\Software\..\Telephony: DomainName = NA.compassgroup.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA.compassgroup.corp
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - c:\altiris\aclient\aclient.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1c9db22824e6082) (gupdate1c9db22824e6082) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

--
End of file - 9989 bytes